
Steps to install and configure pptp on CentOS

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through the steps to install and configure pptp on CentOS. Many people have questions about this procedure in day-to-day operations, so the editor consulted a range of materials and put together a simple, easy-to-follow method. I hope it helps answer those questions. Follow along below.

Description:

Server operating system: CentOS 5.X 64-bit

Server IP address: 192.168.21.128

Purpose: install and configure the pptp software on the server to provide a virtual private network dial-in service

Specific operations:

I. Download the installation packages

1. ppp  # this package is required to install pptpd

http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.x86_64.rpm

2. pptpd  # the latest version

http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm

After downloading, upload both packages to the /usr/local/src directory.

II. Check whether the server system environment supports installing the pptp virtual private network

1. Check whether the system kernel supports MPPE.

The code is as follows:

modprobe ppp-compress-18 && echo success

If "success" is displayed, the system supports MPPE. If not, install kernel-devel first.

The code is as follows:

yum install kernel-devel

2. Check whether the system has TUN/TAP support enabled.

The code is as follows:

cat /dev/net/tun

If the command prints the following text, the check passes:

The code is as follows:

cat: /dev/net/tun: File descriptor in bad state

3. Check whether the system has ppp support enabled.

The code is as follows:

cat /dev/ppp

If the command prints the following text, the check passes:

The code is as follows:

cat: /dev/ppp: No such device or address

All three checks must pass; otherwise the pptp virtual private network cannot be installed.

III. Install pptp

The code is as follows:

cd /usr/local/src
rpm -ivh ppp-2.4.4-14.1.rhel5.x86_64.rpm  # install ppp
rpm -ivh pptpd-1.4.0-1.rhel5.x86_64.rpm  # install pptpd

IV. Configure pptp

1. vi /etc/ppp/options.pptpd  # edit the file; add or modify the following parameters

The code is as follows:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8  # add the primary DNS server address
ms-dns 8.8.4.4  # add the standby DNS server address

:wq!  # save and exit

2. vi /etc/ppp/chap-secrets  # set the pptp dial-up users and passwords (multiple users can be set, one per line)

The code is as follows:

# client server secret IP addresses
osyunweivpnuser01 pptpd 123456 *
osyunweivpnuser02 pptpd 1234 *
osyunweivpnuser03 pptpd 12345678 *

Format: username pptpd password *

Where * indicates that the client is automatically assigned an IP address

:wq!  # save and exit

3. vi /etc/pptpd.conf  # set the IP address of the pptp server and the IP address pool for clients dialing into the virtual private network

The code is as follows:

option /etc/ppp/options.pptpd
logwtmp
localip 172.16.36.1  # set the pptp virtual dial-up server IP address (note: not the IP address of the server itself)
remoteip 172.16.36.2-254  # dynamically assign IP addresses between 172.16.36.2 and 172.16.36.254 to users dialed into the virtual private network

The code is as follows:

:wq!  # save and exit
/sbin/service pptpd start  # start pptpd
/etc/init.d/pptpd stop  # stop
service pptpd restart  # restart
chkconfig pptpd on  # start at boot
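As an added example that is not part of the original article, the following shell audit covers the two files edited in this step: it reports any of the required authentication and encryption directives missing from options.pptpd, lists chap-secrets users whose secret is shorter than an assumed minimum, and tests that chap-secrets is not accessible to group or others. The function names, the MIN_LEN default of 16 and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the pptpd settings from step IV. Not from the article.
MIN_LEN=${MIN_LEN:-16}   # assumed minimum secret length (policy choice)

# Print each required auth/encryption directive missing from options.pptpd.
missing_options() {
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print client names in chap-secrets whose secret is shorter than MIN_LEN.
weak_secrets() {
    awk -v min="$MIN_LEN" '
        /^[[:space:]]*(#|$)/ { next }              # skip comments, blanks
        NF >= 3 { s = $3; gsub(/^"|"$/, "", s)     # strip optional quotes
                  if (length(s) < min) print $1 }
    ' "$1"
}

# Succeed only if group and other have no permissions on the file.
private_file() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input mirroring the article's files.
demo=$(mktemp -d)
cat > "$demo/options.pptpd" <<'EOF'
name pptpd
refuse-pap
refuse-chap
# refuse-mschap
require-mschap-v2
require-mppe-128
EOF
cat > "$demo/chap-secrets" <<'EOF'
# client server secret IP addresses
user01 pptpd 123456 *
user02 pptpd "q7Vd2nX0pLr4sTz9Kb" *
EOF
chmod 644 "$demo/chap-secrets"

echo "missing directives: $(missing_options "$demo/options.pptpd")"
echo "weak secrets for:   $(weak_secrets "$demo/chap-secrets")"
private_file "$demo/chap-secrets" || echo "chap-secrets is not mode 600"
```

On a real server, call the functions with /etc/ppp/options.pptpd and /etc/ppp/chap-secrets instead of the sample files.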

V. Enable routing mode on the server to support packet forwarding

vi /etc/sysctl.conf  # edit the file

The code is as follows:

net.ipv4.ip_forward = 1  # set to 1
#net.ipv4.tcp_syncookies = 1  # comment out

The code is as follows:

:wq!  # save and exit
/sbin/sysctl -p  # make the setting take effect immediately

VI. Set firewall forwarding rules

The code is as follows:

yum install iptables  # install the firewall
service iptables start  # start the firewall
iptables -t nat -A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128  # add rule
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/255.255.255.0 -j TCPMSS --set-mss 1356  # add rule
/etc/init.d/iptables save  # save the firewall settings

Open the pptp service port tcp 1723, and allow the virtual private network client IP address pool 172.16.36.0/255.255.255.0 through the firewall.

vi /etc/sysconfig/iptables  # edit the file and add the following lines

The code is as follows:

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT

:wq!  # save and exit

Note:

The code is as follows:

# 192.168.21.128 is the server IP address
# 172.16.36.0/255.255.255.0 is the IP address range of the virtual dial-up server set in step 4.

/etc/init.d/iptables restart  # restart the firewall
chkconfig iptables on  # start at boot
cat /etc/sysconfig/iptables  # view the firewall configuration file

# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*nat
:PREROUTING ACCEPT [60:4680]
:POSTROUTING ACCEPT [4:258]
:OUTPUT ACCEPT [4:258]
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94:16159]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 11 20:21:08 2013

VII. Create the ppp device node automatically at boot (this device file may be lost after a system reboot, resulting in pptp client dialing error 619)

vi /etc/rc.d/rc.local  # edit the file and add this line at the end

The code is as follows:

mknod /dev/ppp c 108 0  # add this line at the end of the file

:wq!  # save and exit

That concludes the steps for installing and configuring pptp on CentOS; I hope it has answered your questions. Combining theory with practice helps you learn, so go and try it! If you want to learn more, please keep following the website; the editor will keep working to bring you more practical articles.
